Posts Tagged ‘wireless’

By Nicholas Greene

With RSA 2012 kicking off next week, and Interop and Black Hat just around the corner after that, we are officially in trade show season. Of course, every show brings with it the challenge of connecting to its official Wi-Fi network to plug back into corporate headquarters for everything from email to sending documents and beyond. And as most of us know, this could invite a barrage of security vulnerabilities.

Of course, at IT conferences like Interop and Black Hat, you’ll find yourself with a better class of wireless network; it’s more or less a given that their Wi-Fi connections will be more secure than those at many other trade shows, as the organizers know enough to take an active role in securing the data of attendees. But the real risks come in when, for example, connecting via a hotel or a café near the show – or worse, a rogue unsecured network that tricks users into signing on with a strangely “official sounding” name.

So how will you stay safe this trade show season? In short, VPNs are the key. A VPN gives you all the security you’d get from a private network and places it into a public arena: opening the requisite ports for easier connectivity, keeping your activities anonymous from others on the network, and encrypting any data you send between yourself and the server.

Unlike with unsecured (and even secure) wireless networks, no known exploits currently exist that are capable of subverting the security on most well-designed virtual private networks. While it’s certainly true that a user connected to a VPN can interact with other systems on the network as though they were local, the users of those systems should generally be trustworthy, if you’ve implemented a proper VPN solution.

If you’re connecting to a corporate network, there’s a good chance that the company already has some sort of VPN solution in place. All that’s left in such a situation is to set it up to run on your own system, and you’ll be golden. Generally, this is as simple as installing the client software for whatever solution you’re running; your company should provide it for you before you leave for the show.

If you’re not an enterprise attendee, or your company doesn’t yet have a VPN solution implemented, it might be worth looking into getting one. NCP has several VPN clients available; for enterprise users, the centrally managed solution is ideal.

More on VPNs and trade show security next time.

By Cameron Laird

In “Die, VPN! We’re all ‘telecommuters’ now–and IT must adjust,” John C. Welch accurately describes much of the changing landscape through which corporate computing is traveling now:

  • Work is as likely to take place outside the office as in;
  • Work in some domains has become as likely to take place on an employee’s device as one owned by the corporation;
  • A large percentage of all work can be done through the Web; and
  • “Endpoint” (in)security is nothing short of horrifying: the data equivalents of bars of gold are regularly walked unescorted through neighborhoods so bad they can’t help but end up in the wrong hands.

The situation is unsustainable; what should be done?

Welch’s conclusion: adopt full-disk encryption (FDE)–and ditch VPNs. His arguments for FDE have merit. The ones against VPN? Well, I expect to use VPNs for a long time into the future, and you should, too. Here’s why:

What is VPN?

First, let’s review the basics: information technology (IT) departments are responsible for computing operations. Computers have, in general, the capacity to make general-purpose calculations. This means both that IT is called on to perform a wide, wide range of tasks–everything from routing telephone connections in a call center, to control of machine actions in a steel plant, to running accounting programs in a hair salon–and also that there is inevitably more than one technique to complete each task or fulfill each requirement.

Even the simplest analysis of the “remote problem” exhibits these characteristics. Let’s begin with Welch’s starting point: much of the work of the future will be done outside the conventional workplace, and therefore outside the usual control policies traditional IT establishes. Everyone agrees that the fundamental data of the workplace deserves protection: whether the business deals in customer names and addresses, proprietary product recipes, or factory inventories and outputs, these details must be kept private. For an IT department, data appears in two states: “in transit,” as it travels from central organization repositories to the hardware of an individual remote worker; and “at rest,” which, for this purpose, means stored on the hardware of an individual remote worker. Welch’s FDE prescriptions address “at rest” or “endpoint” vulnerabilities, with the assumption that any local copy of data on a remote machine, whether a file, document or report, is necessarily encrypted. In turn, to view company data, an unauthorized person would need not only physical possession of the remote machine, but also a key to unlock the latter’s storage encryption.

Data “in transit” requires a mechanism that enables protection while traveling. With computers, there are many different ways to protect data in transit. In broad terms, though, a VPN encapsulates everything that passes back and forth from a remote worker in a single consistent way. With a VPN in place, the higher-level applications that are meaningful to an end-user, including software for project management, office productivity, multimedia chat, project collaboration, file access, enterprise resource planning (ERP), and so on, all have the impression that the remote worker is using a computer networked within the home network of the organization. The VPN takes responsibility for translating every data transmission so that what appears to be a message sent to or received from a local computer is actually a corresponding encrypted message to or from a remote location.

Cameron Laird is an award-winning author and developer for Phaseit, where his recent work has concentrated on back-end programming for secure Web applications.

By Sylvia Rosen

Imagine you’re at the train station on your way to an important meeting. While you’re waiting, you’re drafting an urgent email. Just before you hit the send button, your wireless connection is lost – and with it, you lose your VPN connection and the link to your office email. Frustrated, you log back in, crossing your fingers that your email saved. Of course, it didn’t. Twenty minutes – and lots of good ideas – down the drain.

Sound familiar? Too many VPN solutions aren’t built to handle connection outages or changes, resulting in wasted productivity and, even worse, lost data. This hassle is eliminated with VPNs that support roaming among different types of networks, allowing users to focus on business instead of worrying about their connection. VPNs with seamless roaming automatically switch to the best available network and ensure that users never have to re-authenticate.

Seamless Roaming

Seamless roaming enables smooth transitions between networks, making it ideal for traveling professionals who are always on the go. VPNs that enable seamless roaming secure your data, even in the event of a wireless outage or switching between networks, like Wi-Fi and 3G.

“If all your traffic goes to the VPN while you are connected to it, then everything is secure; nobody can really attack your machine,” explains Rainer Enders, the CTO Americas for NCP engineering. “When the VPN drops, you go back to regular ‘connecting mode’ through the Internet. If your VPN doesn’t enable seamless roaming, you now have a connecting path that is an insecure tunnel, which is why your connection to your corporate server will likely give way.”

Seamless roaming VPN, however, changes this. With seamless roaming, IT administrators can now ensure that each piece of equipment can connect securely and stay connected securely. Stay tuned for more on this.

Sylvia Rosen writes articles on a variety of telecom topics, including VoIP Phone Systems and Call Center Services.

Editor’s Note: This is the second in a two-part series. Part 1 focused on the mobile landscape.

By Cameron Laird

Minimizing the costs of installation is attractive, of course. For most organizations, though, personnel costs across the scope of operations dominate what the IT (information technology) department does: it makes sense to make remote connections as convenient as possible for valuable line workers, and minimize the costs of retraining them. That’s where an IPSec (Internet Protocol Security) VPN shines: an IPSec VPN establishes a connection that gives the remote user every appearance that she’s connected within the home LAN (local area network), including access to fileshares, printers, and all office-automation applications. With IPSec encapsulation, all this is possible even when transported over the purely HTTP/HTTPS facilities of the sort remote workers increasingly encounter.

While SSL vulnerabilities of various sorts and likelihood have been in the news in 2011, the greatest risks with SSL solutions, points out Tom Henderson, Managing Director of Extreme Labs, have to do with key management. Among other precautions, “keys ought to be rotated because as they become aged, someone hacking at them eventually can get the keys …” and penetrate the network. IPSec has longer and considerably more resistant keys.

For all these reasons, the appeal of SSL/TLS VPNs as “installation-free” is only superficial; deeper examination shows that IPSec VPNs enjoy crucial advantages in:

  • support of the full range of applications and accesses remote workers require; and
  • robust key management, resistance to “man in the middle” attacks, and secure networking even from the most public and untrusted access points.

By Sylvia Rosen

When small businesses grow and large businesses spread across the country, remote and traveling professionals need accessibility. That’s why both small and large businesses turn to VPN technology; it gives them the flexibility they need to work across a variety of locations.

However, with accessibility comes risk.

As a business owner, you need to make sure that your remote employees have the accessibility they need to be productive, in addition to the security that you need to have peace of mind.

Here are three ways that you can keep your business safe from security breaches while using VPN technology:

Choose your VPN technology wisely

Rainer Enders, the CTO Americas for NCP engineering, explains that when it comes to choosing VPN technology, business owners need to keep two things in mind: convenience and company policy.

“What you want to make sure [for the employee] is that it’s simple, it won’t interfere with their work, and it’s at the least intrusive level,” Enders explains.

It’s difficult to predict where your teleworkers will be going and what devices they will be using. As a result, you should ideally select a VPN that has the “intelligence” to handle different network types and different types of devices, such as cell phones.

In addition, the most important aspect to keep in mind is that your technology is in accordance with your business’ security policy.

“From the employer side, they need to ensure that what is presented is in compliance with security rules and also business rules,” Enders said.

Enders explains that this might mean that businesses will need to adapt their security profile to a reasonable solution. For example, teleworkers will need a solution that allows them to securely connect to the network in areas that are considered to be “hot spots,” such as hotels, cafes, and airports.

Firewalls and security features are your friend

Business owners might cringe at the thought of their employees working in “hot spots,” but the reality is it will happen. As a result, Enders encourages business owners to use a VPN with an integrated firewall.

“The role that the firewall plays is to basically put firm access boundaries around the user’s device and allow or disallow user connectivity,” he explains. “With this, you can enforce that they can only connect to a company network – and not the Internet.”

Enders adds that security features such as “authentication” are great moves toward preventing security breaches because they ensure that the person who is trying to connect to your company network is in fact your employee. For example, if a device gets lost or stolen, strong authentication will make sure that no one can steal that person’s identity.
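The firewall behaviour Enders describes, together with the dropped-tunnel case from the seamless-roaming post above, amounts to a default-deny egress policy; the sketch below is an added example, not NCP's code or configuration. Interface names, addresses and the corporate range are constructed assumptions, and the tunnel is assumed to use IKE with NAT traversal.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values (documentation/private ranges), not from any real deployment.
VPN_GATEWAY = ipaddress.ip_address("203.0.113.10")
CORPORATE_NETS = [ipaddress.ip_network("10.20.0.0/16")]
# IKE and IPsec NAT traversal: the only traffic permitted outside the tunnel.
TUNNEL_SETUP = {("udp", 500), ("udp", 4500)}
TUNNEL_IFACE = "tun0"   # hypothetical VPN interface name


@dataclass(frozen=True)
class Packet:
    iface: str   # outbound interface, e.g. "wlan0" (hotspot) or "tun0" (VPN)
    dst: str
    proto: str
    dport: int


def decide(pkt: Packet, tunnel_up: bool) -> str:
    """Default-deny egress decision: returns "allow" or "drop"."""
    dst = ipaddress.ip_address(pkt.dst)
    if pkt.iface == TUNNEL_IFACE:
        # Inside the tunnel: company destinations only, and only while it is up.
        if tunnel_up and any(dst in net for net in CORPORATE_NETS):
            return "allow"
        return "drop"
    # Physical interface: nothing except tunnel setup to the known gateway,
    # so a dropped tunnel never falls back to a direct Internet path.
    if dst == VPN_GATEWAY and (pkt.proto, pkt.dport) in TUNNEL_SETUP:
        return "allow"
    return "drop"


# Constructed trace: (packet, tunnel state at the time it was sent).
SAMPLE_TRACE = [
    (Packet("tun0", "10.20.5.8", "tcp", 443), True),        # mail over VPN
    (Packet("wlan0", "198.51.100.7", "tcp", 443), True),    # direct Internet
    (Packet("tun0", "198.51.100.7", "tcp", 80), True),      # Internet via tunnel
    (Packet("wlan0", "10.20.5.8", "tcp", 443), False),      # tunnel dropped
    (Packet("wlan0", "203.0.113.10", "udp", 4500), False),  # reconnect attempt
]


def evaluate(trace):
    """Return the verdict for each (packet, tunnel_up) pair, in order."""
    return [decide(pkt, up) for pkt, up in trace]


if __name__ == "__main__":
    for (pkt, up), verdict in zip(SAMPLE_TRACE, evaluate(SAMPLE_TRACE)):
        print(f"tunnel_up={up!s:5} {pkt.iface:5} -> {pkt.dst}:{pkt.dport}/{pkt.proto} {verdict}")
```

In practice DHCP and captive-portal sign-in on the hotspot need their own narrowly scoped exceptions, which this sketch leaves out.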

Keep track of each employee who has VPN access

Hackers are everywhere, and in today’s technology-driven society, it’s very easy to break into company networks – if you aren’t careful. One of the easiest ways to prevent security breaches is by paying attention to your employees and how they are accessing your company outside of the office.

For example, mobile devices increase the chances of a security breach because of how small they are. With mobile devices, you’re limited from a processing perspective and UI perspective, and also limited in what type of security software you can install.

One resource that Enders suggests businesses turn towards is the cloud. Cloud service providers can offer outsourced VPN services that make connecting to the VPN easy to manage.

Being able to connect to business networks outside the office is a necessity for teleworkers and traveling professionals. As a result, it’s up to business owners to be able to select a VPN solution that is convenient, flexible, and follows security policies.

Sylvia Rosen writes articles on business products, including: Small Business Phone Systems, Document Management Systems, and Business and Home Security Systems.